Signed-off-by: Arthur Chan <arthur.chan@adalogics.com>
Arthur Chan 2023-08-10 14:59:25 +00:00 committed by Pedro Igor
parent 5f372b8483
commit 85cace1142
2 changed files with 35 additions and 2 deletions


@ -79,9 +79,23 @@ public class JWKParser {
} }
private PublicKey createECPublicKey() { private PublicKey createECPublicKey() {
/* Check if jwk.getOtherClaims return an empty map */
if (jwk.getOtherClaims().size() == 0) {
throw new RuntimeException("JWK Otherclaims map is empty.");
}
/* Try retrieving the necessary fields */
String crv = (String) jwk.getOtherClaims().get(ECPublicJWK.CRV); String crv = (String) jwk.getOtherClaims().get(ECPublicJWK.CRV);
BigInteger x = new BigInteger(1, Base64Url.decode((String) jwk.getOtherClaims().get(ECPublicJWK.X))); String xStr = (String) jwk.getOtherClaims().get(ECPublicJWK.X);
BigInteger y = new BigInteger(1, Base64Url.decode((String) jwk.getOtherClaims().get(ECPublicJWK.Y))); String yStr = (String) jwk.getOtherClaims().get(ECPublicJWK.Y);
/* Check if the retrieving of necessary fields success */
if (crv == null || xStr == null || yStr == null) {
throw new RuntimeException("Fail to retrieve ECPublicJWK.CRV, ECPublicJWK.X or ECPublicJWK.Y field.");
}
BigInteger x = new BigInteger(1, Base64Url.decode(xStr));
BigInteger y = new BigInteger(1, Base64Url.decode(yStr));
String name; String name;
switch (crv) { switch (crv) {
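Review bot: The `(String)` casts on the `crv`, `x` and `y` claims run before the new null check, so a JWK whose members are present but not JSON strings (a number or an object, say) would still fail with a ClassCastException instead of the descriptive error added here. If the JWKs parsed here can originate from untrusted parties, I would read each value as `Object` and test its type, e.g. `Object xVal = jwk.getOtherClaims().get(ECPublicJWK.X);` followed by `if (!(xVal instanceof String)) throw new IllegalArgumentException("EC JWK member x is missing or not a string");`. The `size() == 0` guard then becomes redundant, since an empty map already yields nulls, and it would itself throw if `getOtherClaims()` can return null, which is not visible from this hunk. The method body continues past the hunk at `switch (crv)`.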


@ -27,6 +27,7 @@ import org.keycloak.common.util.KeyUtils;
import org.keycloak.common.util.PemUtils; import org.keycloak.common.util.PemUtils;
import org.keycloak.crypto.JavaAlgorithm; import org.keycloak.crypto.JavaAlgorithm;
import org.keycloak.crypto.KeyType; import org.keycloak.crypto.KeyType;
import org.keycloak.crypto.KeyUse;
import org.keycloak.common.crypto.CryptoIntegration; import org.keycloak.common.crypto.CryptoIntegration;
import org.keycloak.rule.CryptoInitRule; import org.keycloak.rule.CryptoInitRule;
import org.keycloak.util.JsonSerialization; import org.keycloak.util.JsonSerialization;
@ -47,6 +48,7 @@ import static org.junit.Assert.assertArrayEquals;
import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue; import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;
import static org.keycloak.common.util.CertificateUtils.generateV1SelfSignedCertificate; import static org.keycloak.common.util.CertificateUtils.generateV1SelfSignedCertificate;
/** /**
@ -207,6 +209,23 @@ public abstract class JWKTest {
assertEquals("X.509", key.getFormat()); assertEquals("X.509", key.getFormat());
} }
@Test
public void emptyEcOverclaim() throws Exception {
JWKBuilder builder = JWKBuilder.create();
KeyPairGenerator generator = KeyPairGenerator.getInstance("EC");
KeyPair keyPair = generator.generateKeyPair();
JWK jwk = builder.ec(keyPair.getPublic(), KeyUse.ENC);
JWKParser parser = new JWKParser(jwk);
try {
parser.toPublicKey();
} catch (NullPointerException e) {
fail("NullPointerException is thrown: " + e.getMessage());
} catch (RuntimeException e) {
// Other runtime exception is expected.
}
}
private byte[] sign(byte[] data, String javaAlgorithm, PrivateKey key) throws Exception { private byte[] sign(byte[] data, String javaAlgorithm, PrivateKey key) throws Exception {
Signature signature = Signature.getInstance(javaAlgorithm); Signature signature = Signature.getInstance(javaAlgorithm);
signature.initSign(key); signature.initSign(key);
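Review bot: `emptyEcOverclaim` never asserts that the parser rejects anything: the JWK comes straight from `builder.ec(keyPair.getPublic(), KeyUse.ENC)`, which presumably fills in `crv`, `x` and `y`, so `parser.toPublicKey()` likely succeeds and neither new branch in `createECPublicKey` is exercised. The test also passes when no exception is thrown at all. I would strip the claims before parsing (for example `jwk.getOtherClaims().clear();`, if the map is mutable) and add `fail("Expected RuntimeException for an EC JWK without crv/x/y");` directly after `parser.toPublicKey();`. A second case that removes only one of the three members would cover the null check separately from the empty-map check.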